Security
Headlines

Latest News

GHSA-89q6-98xx-4ffw: Silverstripe Reports are still accessible even when `canView()` returns false

Reports can be accessed by their direct URL by any user who has access to view the reports admin section, even if the `canView()` method for that report returns `false`.

References:
- https://www.silverstripe.org/download/security-releases/cve-2024-29885

Source: ghsa. Tags: vulnerability, web, git
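The advisory above describes a missing object-level check: the section-level permission gates the listing, but a report fetched by its direct URL is never asked `canView()`. The following is an added illustration (not Silverstripe's code) of the vulnerable handler beside the fixed one, in plain Python. The `User`, `Report`, `REPORTS` registry and the permission codes are constructed for the example; `Report.can_view` stands in for the framework's `canView()`.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class User:
    name: str
    permissions: set = field(default_factory=set)


@dataclass
class Report:
    slug: str
    # Hypothetical per-report rule standing in for Silverstripe's canView():
    # None means any report-admin user may see it.
    required_permission: Optional[str] = None

    def can_view(self, user: User) -> bool:
        return (self.required_permission is None
                or self.required_permission in user.permissions)


# Constructed registry of reports keyed by the slug used in their URL.
REPORTS = {r.slug: r for r in (
    Report("broken-links"),
    Report("payroll-summary", required_permission="ADMIN_FINANCE"),
)}

# Illustrative section-level permission code (assumption for the example).
SECTION_PERMISSION = "CMS_ACCESS_ReportAdmin"


def can_access_reports_section(user: User) -> bool:
    return SECTION_PERMISSION in user.permissions


def list_reports(user: User) -> list:
    """The listing honours can_view(), so restricted reports never appear."""
    if not can_access_reports_section(user):
        raise PermissionError("no access to the reports section")
    return [slug for slug, r in REPORTS.items() if r.can_view(user)]


def show_report_vulnerable(user: User, slug: str) -> str:
    """Direct-URL handler with only the section check: any report admin can
    type the slug of a report the listing hid from them."""
    if not can_access_reports_section(user):
        raise PermissionError("no access to the reports section")
    return REPORTS[slug].slug  # would render the report here


def show_report_fixed(user: User, slug: str) -> str:
    """Direct-URL handler that repeats the object-level check."""
    if not can_access_reports_section(user):
        raise PermissionError("no access to the reports section")
    report = REPORTS.get(slug)
    if report is None or not report.can_view(user):
        # Treat "exists but forbidden" like "does not exist" so the URL does
        # not confirm which reports the user is not allowed to see.
        raise LookupError(slug)
    return report.slug  # would render the report here


if __name__ == "__main__":
    editor = User("editor", {SECTION_PERMISSION})
    print("listing:", list_reports(editor))
    print("vulnerable direct URL:", show_report_vulnerable(editor, "payroll-summary"))
    try:
        show_report_fixed(editor, "payroll-summary")
    except LookupError as exc:
        print("fixed direct URL: not found", exc)
```

The check a reviewer wants to see is the one in `show_report_fixed`: every handler that resolves an object from the URL must re-run that object's own permission method, regardless of what the listing already filtered.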
Training at Black Hat to Focus on Equipping Cybersecurity Leaders With Soft Skills

A two-day presentation will examine the social-behavioral aspects of cybersecurity leadership to drive team success.

Snowflake Account Attacks Driven by Exposed Legitimate Credentials

The latest infostealer-driven extortion campaign, built on credentials stolen from cloud storage accounts, puts credential management back in the spotlight.

AI Consortium Plans Toolkit to Rate AI Model Safety

An AI consortium consisting of top tech companies will release a toolkit later this year for measuring the safety of generative AI models.

Rite Aid says 2.2 million people affected in data breach

Rite Aid has started notifying 2.2 million people who were affected by a data breach that was part of a June ransomware attack.

GHSA-6523-jf4r-c962: Apache StreamPipes has potential remote code execution (RCE) via file upload

Unrestricted Upload of File with Dangerous Type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users. This issue affects Apache StreamPipes through version 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.
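An upload handler becomes an RCE primitive when it writes whatever bytes the client sends, under the client's chosen name, somewhere the server will later execute or serve. The following is an added example (not StreamPipes' code, and written in Python rather than the project's Java) of the checks an upload endpoint should apply: an extension allowlist, rejection of double extensions, a magic-byte match against the claimed type, content parsing for JSON, inspection of archive entries for path traversal and executable types, and storage under a server-chosen name without the execute bit. The allowlist, the "dangerous" extension set and the sample files are constructed for the example.

```python
import io
import json
import os
import uuid
import zipfile

# Constructed allowlist for a hypothetical endpoint that only needs to accept
# pipeline exports (.json / .zip) and PNG icons.
ALLOWED_EXTENSIONS = {".json", ".zip", ".png"}

# Extensions that must never be written to disk by an upload handler, whether
# as the file itself or as an entry inside an uploaded archive (constructed list).
DANGEROUS_EXTENSIONS = {".jar", ".war", ".jsp", ".jspx", ".class", ".sh",
                        ".exe", ".dll", ".so", ".php", ".py"}

# Magic-byte prefixes used to confirm the content matches the claimed type.
MAGIC = {".zip": b"PK\x03\x04", ".png": b"\x89PNG\r\n\x1a\n"}


def is_safe_upload(filename: str, data: bytes):
    """Return (accepted, reason) for a client-supplied name and its bytes."""
    # Strip any directory component the client sent ("../../app.war" -> "app.war").
    base = os.path.basename(filename.replace("\\", "/"))
    root, ext = os.path.splitext(base)
    ext = ext.lower()
    if not root or ext not in ALLOWED_EXTENSIONS:
        return False, f"extension {ext!r} is not allowed"
    # Reject double extensions such as "shell.jsp.png": the inner one is what a
    # misconfigured server may hand to an interpreter.
    if "." in root:
        return False, "multiple extensions are not allowed"
    magic = MAGIC.get(ext)
    if magic and not data.startswith(magic):
        return False, "content does not match the claimed type"
    if ext == ".json":
        try:
            json.loads(data.decode("utf-8"))
        except (UnicodeDecodeError, ValueError):
            return False, "content is not valid JSON"
    if ext == ".zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return False, "content is not a valid zip archive"
        for name in names:
            norm = os.path.normpath(name.replace("\\", "/"))
            if os.path.isabs(norm) or norm == ".." or norm.startswith("../"):
                return False, f"archive entry escapes the extraction dir: {name!r}"
            if os.path.splitext(name)[1].lower() in DANGEROUS_EXTENSIONS:
                return False, f"archive contains an executable entry: {name!r}"
    return True, "ok"


def store_upload(filename: str, data: bytes, upload_dir: str) -> str:
    """Validate, then write under a server-chosen name with mode 0600."""
    ok, reason = is_safe_upload(filename, data)
    if not ok:
        raise ValueError(reason)
    ext = os.path.splitext(filename)[1].lower()
    # The client's name is never used on disk; upload_dir is assumed to sit
    # outside any web root or classpath so the bytes cannot be served or loaded.
    dest = os.path.join(upload_dir, f"{uuid.uuid4().hex}{ext}")
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return dest


def build_zip(entries: dict) -> bytes:
    """Constructed sample input: an in-memory zip with the given entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample uploads: two legitimate, three that must be refused.
    samples = {
        "pipeline.json": b'{"name": "demo"}',
        "export.zip": build_zip({"pipeline.json": b"{}"}),
        "shell.jsp": b'<% Runtime.getRuntime().exec(request.getParameter("c")); %>',
        "shell.jsp.png": MAGIC[".png"] + b"...",
        "bad.zip": build_zip({"../../../tmp/x.sh": b"echo pwned"}),
    }
    for name, content in samples.items():
        print(f"{name:16} -> {is_safe_upload(name, content)}")
```

Two design points matter beyond the individual checks: the stored name is generated by the server (so a client can never choose a path or an extension on disk), and the archive check runs before anything is extracted, because a zip entry named `../../webapps/x.jsp` is an upload of a dangerous type even when the outer file is a valid `.zip`.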

Navigating Insider Risks: Are your Employees Enabling External Threats?

Attacks on your network are often meticulously planned operations launched by sophisticated threat actors. Sometimes your technical fortifications provide a formidable challenge, and the attack requires assistance from the inside to succeed. For example, in 2022 the FBI issued a warning that SIM swap attacks are growing: gain control of the phone and earn a gateway to email, bank accounts, stocks,

FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums

The financially motivated threat actor known as FIN7 has been observed using multiple pseudonyms across several underground forums, likely to advertise a tool known to be used by ransomware groups such as Black Basta. "AvNeutralizer (aka AuKill), a highly specialized tool developed by FIN7 to tamper with security solutions, has been marketed in the criminal underground and used by multiple

The US Supreme Court Kneecapped US Cyber Strategy

After the Supreme Court limited the power of federal agencies to craft regulations, it’s likely up to Congress to keep US cybersecurity policy intact.

Security End-Run: 'AuKill' Shuts Down Windows-Reliant EDR Processes

Russian threat actor FIN7 has shifted gears multiple times in recent years, focusing now on helping ransomware groups be even more covertly effective.